---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: clusterissuers.certmanager.k8s.io
  annotations:
    "helm.sh/hook": crd-install
    "api-approved.kubernetes.io": "unapproved-will-be-remove-with-cert-manager-update"
  labels:
    app: cert-manager
    chart: cert-manager-v0.5.2
    release: cert-manager
    heritage: Tiller
spec:
  group: certmanager.k8s.io
  scope: Cluster
  names:
    kind: ClusterIssuer
    plural: clusterissuers
  versions:
  - name: v1alpha1
    served: true
    storage: true
    schema:
      openAPIV3Schema:
        type: object
        properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint the client
                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: IssuerSpec is the specification of an Issuer. This includes
                any configuration required for the issuer.
              type: object
              properties:
                acme:
                  description: ACMEIssuer contains the specification for an ACME issuer
                  type: object
                  required:
                  - privateKeySecretRef
                  - server
                  properties:
                    email:
                      description: Email is the email for this account
                      type: string
                    externalAccountBinding:
                      description: ExternalAccountBinding is a reference to a CA external
                        account of the ACME server.
                      type: object
                      required:
                      - keyAlgorithm
                      - keyID
                      - keySecretRef
                      properties:
                        keyAlgorithm:
                          description: keyAlgorithm is the MAC key algorithm that the
                            key is used for. Valid values are "HS256", "HS384" and "HS512".
                          type: string
                          enum:
                          - HS256
                          - HS384
                          - HS512
                        keyID:
                          description: keyID is the ID of the CA key that the External
                            Account is bound to.
                          type: string
                        keySecretRef:
                          description: keySecretRef is a Secret Key Selector referencing
                            a data item in a Kubernetes Secret which holds the symmetric
                            MAC key of the External Account Binding. The `key` is the
                            index string that is paired with the key data in the Secret
                            and should not be confused with the key data itself, or indeed
                            with the External Account Binding keyID above. The secret
                            key stored in the Secret **must** be un-padded, base64 URL
                            encoded data.
                          type: object
                          required:
                          - name
                          properties:
                            key:
                              description: The key of the secret to select from. Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                    privateKeySecretRef:
                      description: PrivateKey is the name of a secret containing the private
                        key for this user account.
                      type: object
                      required:
                      - name
                      properties:
                        key:
                          description: The key of the secret to select from. Must be a
                            valid secret key.
                          type: string
                        name:
                          description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            TODO: Add other useful fields. apiVersion, kind, uid?'
                          type: string
                    server:
                      description: Server is the ACME server URL
                      type: string
                    skipTLSVerify:
                      description: If true, skip verifying the ACME server TLS certificate
                      type: boolean
                    solvers:
                      description: Solvers is a list of challenge solvers that will be
                        used to solve ACME challenges for the matching domains.
                      type: array
                      items:
                        type: object
                        properties:
                          dns01:
                            type: object
                            properties:
                              acmedns:
                                description: ACMEIssuerDNS01ProviderAcmeDNS is a structure
                                  containing the configuration for ACME-DNS servers
                                type: object
                                required:
                                - accountSecretRef
                                - host
                                properties:
                                  accountSecretRef:
                                    type: object
                                    required:
                                    - name
                                    properties:
                                      key:
                                        description: The key of the secret to select from.
                                          Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion, kind,
                                          uid?'
                                        type: string
                                  host:
                                    type: string
                              akamai:
                                description: ACMEIssuerDNS01ProviderAkamai is a structure
                                  containing the DNS configuration for Akamai DNS—Zone
                                  Record Management API
                                type: object
                                required:
                                - accessTokenSecretRef
                                - clientSecretSecretRef
                                - clientTokenSecretRef
                                - serviceConsumerDomain
                                properties:
                                  accessTokenSecretRef:
                                    type: object
                                    required:
                                    - name
                                    properties:
                                      key:
                                        description: The key of the secret to select from.
                                          Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion, kind,
                                          uid?'
                                        type: string
                                  clientSecretSecretRef:
                                    type: object
                                    required:
                                    - name
                                    properties:
                                      key:
                                        description: The key of the secret to select from.
                                          Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion, kind,
                                          uid?'
                                        type: string
                                  clientTokenSecretRef:
                                    type: object
                                    required:
                                    - name
                                    properties:
                                      key:
                                        description: The key of the secret to select from.
                                          Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion, kind,
                                          uid?'
                                        type: string
                                  serviceConsumerDomain:
                                    type: string
                              azuredns:
                                description: ACMEIssuerDNS01ProviderAzureDNS is a structure
                                  containing the configuration for Azure DNS
                                type: object
                                required:
                                - resourceGroupName
                                - subscriptionID
                                properties:
                                  clientID:
                                    description: if both this and ClientSecret are left
                                      unset MSI will be used
                                    type: string
                                  clientSecretSecretRef:
                                    description: if both this and ClientID are left unset
                                      MSI will be used
                                    type: object
                                    required:
                                    - name
                                    properties:
                                      key:
                                        description: The key of the secret to select from.
                                          Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion, kind,
                                          uid?'
                                        type: string
                                  environment:
                                    type: string
                                    enum:
                                    - AzurePublicCloud
                                    - AzureChinaCloud
                                    - AzureGermanCloud
                                    - AzureUSGovernmentCloud
                                  hostedZoneName:
                                    type: string
                                  resourceGroupName:
                                    type: string
                                  subscriptionID:
                                    type: string
                                  tenantID:
                                    description: when specifying ClientID and ClientSecret
                                      then this field is also needed
                                    type: string
                              clouddns:
                                description: ACMEIssuerDNS01ProviderCloudDNS is a structure
                                  containing the DNS configuration for Google Cloud DNS
                                type: object
                                required:
                                - project
                                properties:
                                  project:
                                    type: string
                                  serviceAccountSecretRef:
                                    type: object
                                    required:
                                    - name
                                    properties:
                                      key:
                                        description: The key of the secret to select from.
                                          Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion, kind,
                                          uid?'
                                        type: string
                              cloudflare:
                                description: ACMEIssuerDNS01ProviderCloudflare is a structure
                                  containing the DNS configuration for Cloudflare
                                type: object
                                required:
                                - email
                                properties:
                                  apiKeySecretRef:
                                    type: object
                                    required:
                                    - name
                                    properties:
                                      key:
                                        description: The key of the secret to select from.
                                          Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion, kind,
                                          uid?'
                                        type: string
                                  apiTokenSecretRef:
                                    type: object
                                    required:
                                    - name
                                    properties:
                                      key:
                                        description: The key of the secret to select from.
                                          Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion, kind,
                                          uid?'
                                        type: string
                                  email:
                                    type: string
                              cnameStrategy:
                                description: CNAMEStrategy configures how the DNS01 provider
                                  should handle CNAME records when found in DNS zones.
                                type: string
                                enum:
                                - None
                                - Follow
                              digitalocean:
                                description: ACMEIssuerDNS01ProviderDigitalOcean is a
                                  structure containing the DNS configuration for DigitalOcean
                                  Domains
                                type: object
                                required:
                                - tokenSecretRef
                                properties:
                                  tokenSecretRef:
                                    type: object
                                    required:
                                    - name
                                    properties:
                                      key:
                                        description: The key of the secret to select from.
                                          Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion, kind,
                                          uid?'
                                        type: string
                              rfc2136:
                                description: ACMEIssuerDNS01ProviderRFC2136 is a structure
                                  containing the configuration for RFC2136 DNS
                                type: object
                                required:
                                - nameserver
                                properties:
                                  nameserver:
                                    description: The IP address or hostname of an authoritative
                                      DNS server supporting RFC2136 in the form host:port.
                                      If the host is an IPv6 address it must be enclosed
                                      in square brackets (e.g [2001:db8::1]) ; port is
                                      optional. This field is required.
                                    type: string
                                  tsigAlgorithm:
                                    description: 'The TSIG Algorithm configured in the
                                      DNS supporting RFC2136. Used only when ``tsigSecretSecretRef``
                                      and ``tsigKeyName`` are defined. Supported values
                                      are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``,
                                      ``HMACSHA256`` or ``HMACSHA512``.'
                                    type: string
                                  tsigKeyName:
                                    description: The TSIG Key name configured in the DNS.
                                      If ``tsigSecretSecretRef`` is defined, this field
                                      is required.
                                    type: string
                                  tsigSecretSecretRef:
                                    description: The name of the secret containing the
                                      TSIG value. If ``tsigKeyName`` is defined, this
                                      field is required.
                                    type: object
                                    required:
                                    - name
                                    properties:
                                      key:
                                        description: The key of the secret to select from.
                                          Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion, kind,
                                          uid?'
                                        type: string
                              route53:
                                description: ACMEIssuerDNS01ProviderRoute53 is a structure
                                  containing the Route 53 configuration for AWS
                                type: object
                                required:
                                - region
                                properties:
                                  accessKeyID:
                                    description: 'The AccessKeyID is used for authentication.
                                      If not set we fall-back to using env vars, shared
                                      credentials file or AWS Instance metadata see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials'
                                    type: string
                                  hostedZoneID:
                                    description: If set, the provider will manage only
                                      this zone in Route53 and will not do an lookup using
                                      the route53:ListHostedZonesByName api call.
                                    type: string
                                  region:
                                    description: Always set the region when using AccessKeyID
                                      and SecretAccessKey
                                    type: string
                                  role:
                                    description: Role is a Role ARN which the Route53
                                      provider will assume using either the explicit credentials
                                      AccessKeyID/SecretAccessKey or the inferred credentials
                                      from environment variables, shared credentials file
                                      or AWS Instance metadata
                                    type: string
                                  secretAccessKeySecretRef:
                                    description: The SecretAccessKey is used for authentication.
                                      If not set we fall-back to using env vars, shared
                                      credentials file or AWS Instance metadata https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
                                    type: object
                                    required:
                                    - name
                                    properties:
                                      key:
                                        description: The key of the secret to select from.
                                          Must be a valid secret key.
                                        type: string
                                      name:
                                        description: 'Name of the referent. More info:
                                          https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                          TODO: Add other useful fields. apiVersion, kind,
                                          uid?'
                                        type: string
                              webhook:
                                description: ACMEIssuerDNS01ProviderWebhook specifies
                                  configuration for a webhook DNS01 provider, including
                                  where to POST ChallengePayload resources.
                                type: object
                                required:
                                - groupName
                                - solverName
                                properties:
                                  config:
                                    description: Additional configuration that should
                                      be passed to the webhook apiserver when challenges
                                      are processed. This can contain arbitrary JSON data.
                                      Secret values should not be specified in this stanza.
                                      If secret values are needed (e.g. credentials for
                                      a DNS service), you should use a SecretKeySelector
                                      to reference a Secret resource. For details on the
                                      schema of this field, consult the webhook provider
                                      implementation's documentation.
                                    x-kubernetes-preserve-unknown-fields: true
                                  groupName:
                                    description: The API group name that should be used
                                      when POSTing ChallengePayload resources to the webhook
                                      apiserver. This should be the same as the GroupName
                                      specified in the webhook provider implementation.
                                    type: string
                                  solverName:
                                    description: The name of the solver to use, as defined
                                      in the webhook provider implementation. This will
                                      typically be the name of the provider, e.g. 'cloudflare'.
                                    type: string
                          http01:
                            description: ACMEChallengeSolverHTTP01 contains configuration
                              detailing how to solve HTTP01 challenges within a Kubernetes
                              cluster. Typically this is accomplished through creating
                              'routes' of some description that configure ingress controllers
                              to direct traffic to 'solver pods', which are responsible
                              for responding to the ACME server's HTTP requests.
                            type: object
                            properties:
                              ingress:
                                description: The ingress based HTTP01 challenge solver
                                  will solve challenges by creating or modifying Ingress
                                  resources in order to route requests for '/.well-known/acme-challenge/XYZ'
                                  to 'challenge solver' pods that are provisioned by cert-manager
                                  for each Challenge to be completed.
                                type: object
                                properties:
                                  class:
                                    description: The ingress class to use when creating
                                      Ingress resources to solve ACME challenges that
                                      use this challenge solver. Only one of 'class' or
                                      'name' may be specified.
                                    type: string
                                  ingressTemplate:
                                    description: Optional ingress template used to configure
                                      the ACME challenge solver ingress used for HTTP01
                                      challenges
                                    type: object
                                    properties:
                                      metadata:
                                        description: ObjectMeta overrides for the ingress
                                          used to solve HTTP01 challenges. Only the 'labels'
                                          and 'annotations' fields may be set. If labels
                                          or annotations overlap with in-built values,
                                          the values here will override the in-built values.
                                        type: object
                                        properties:
                                          annotations:
                                            description: Annotations that should be added
                                              to the created ACME HTTP01 solver ingress.
                                            type: object
                                            additionalProperties:
                                              type: string
                                          labels:
                                            description: Labels that should be added to
                                              the created ACME HTTP01 solver ingress.
                                            type: object
                                            additionalProperties:
                                              type: string
                                  name:
                                    description: The name of the ingress resource that
                                      should have ACME challenge solving routes inserted
                                      into it in order to solve HTTP01 challenges. This
                                      is typically used in conjunction with ingress controllers
                                      like ingress-gce, which maintains a 1:1 mapping
                                      between external IPs and ingress resources.
                                    type: string
                                  podTemplate:
                                    description: Optional pod template used to configure
                                      the ACME challenge solver pods used for HTTP01 challenges
                                    type: object
                                    properties:
                                      metadata:
                                        description: ObjectMeta overrides for the pod
                                          used to solve HTTP01 challenges. Only the 'labels'
                                          and 'annotations' fields may be set. If labels
                                          or annotations overlap with in-built values,
                                          the values here will override the in-built values.
                                        type: object
                                        properties:
                                          annotations:
                                            description: Annotations that should be added
                                              to the create ACME HTTP01 solver pods.
                                            type: object
                                            additionalProperties:
                                              type: string
                                          labels:
                                            description: Labels that should be added to
                                              the created ACME HTTP01 solver pods.
                                            type: object
                                            additionalProperties:
                                              type: string
                                      spec:
                                        description: PodSpec defines overrides for the
                                          HTTP01 challenge solver pod. Only the 'nodeSelector',
                                          'affinity' and 'tolerations' fields are supported
                                          currently. All other fields will be ignored.
                                        type: object
                                        properties:
                                          affinity:
                                            description: If specified, the pod's scheduling
                                              constraints
                                            type: object
                                            properties:
                                              nodeAffinity:
                                                description: Describes node affinity scheduling
                                                  rules for the pod.
                                                type: object
                                                properties:
                                                  preferredDuringSchedulingIgnoredDuringExecution:
                                                    description: The scheduler will prefer
                                                      to schedule pods to nodes that satisfy
                                                      the affinity expressions specified
                                                      by this field, but it may choose
                                                      a node that violates one or more
                                                      of the expressions. The node that
                                                      is most preferred is the one with
                                                      the greatest sum of weights, i.e.
                                                      for each node that meets all of
                                                      the scheduling requirements (resource
                                                      request, requiredDuringScheduling
                                                      affinity expressions, etc.), compute
                                                      a sum by iterating through the elements
                                                      of this field and adding "weight"
                                                      to the sum if the node matches the
                                                      corresponding matchExpressions;
                                                      the node(s) with the highest sum
                                                      are the most preferred.
                                                    type: array
                                                    items:
                                                      description: An empty preferred
                                                        scheduling term matches all objects
                                                        with implicit weight 0 (i.e. it's
                                                        a no-op). A null preferred scheduling
                                                        term matches no objects (i.e.
                                                        is also a no-op).
                                                      type: object
                                                      required:
                                                      - preference
                                                      - weight
                                                      properties:
                                                        preference:
                                                          description: A node selector
                                                            term, associated with the
                                                            corresponding weight.
                                                          type: object
                                                          properties:
                                                            matchExpressions:
                                                              description: A list of node
                                                                selector requirements
                                                                by node's labels.
                                                              type: array
                                                              items:
                                                                description: A node selector
                                                                  requirement is a selector
                                                                  that contains values,
                                                                  a key, and an operator
                                                                  that relates the key
                                                                  and values.
                                                                type: object
                                                                required:
                                                                - key
                                                                - operator
                                                                properties:
                                                                  key:
                                                                    description: The label
                                                                      key that the selector
                                                                      applies to.
                                                                    type: string
                                                                  operator:
                                                                    description: Represents
                                                                      a key's relationship
                                                                      to a set of values.
                                                                      Valid operators
                                                                      are In, NotIn, Exists,
                                                                      DoesNotExist. Gt,
                                                                      and Lt.
                                                                    type: string
                                                                  values:
                                                                    description: An array
                                                                      of string values.
                                                                      If the operator
                                                                      is In or NotIn,
                                                                      the values array
                                                                      must be non-empty.
                                                                      If the operator
                                                                      is Exists or DoesNotExist,
                                                                      the values array
                                                                      must be empty. If
                                                                      the operator is
                                                                      Gt or Lt, the values
                                                                      array must have
                                                                      a single element,
                                                                      which will be interpreted
                                                                      as an integer. This
                                                                      array is replaced
                                                                      during a strategic
                                                                      merge patch.
                                                                    type: array
                                                                    items:
                                                                      type: string
                                                            matchFields:
                                                              description: A list of node
                                                                selector requirements
                                                                by node's fields.
                                                              type: array
                                                              items:
                                                                description: A node selector
                                                                  requirement is a selector
                                                                  that contains values,
                                                                  a key, and an operator
                                                                  that relates the key
                                                                  and values.
                                                                type: object
                                                                required:
                                                                - key
                                                                - operator
                                                                properties:
                                                                  key:
                                                                    description: The label
                                                                      key that the selector
                                                                      applies to.
                                                                    type: string
                                                                  operator:
                                                                    description: Represents
                                                                      a key's relationship
                                                                      to a set of values.
                                                                      Valid operators
                                                                      are In, NotIn, Exists,
                                                                      DoesNotExist. Gt,
                                                                      and Lt.
                                                                    type: string
                                                                  values:
                                                                    description: An array
                                                                      of string values.
                                                                      If the operator
                                                                      is In or NotIn,
                                                                      the values array
                                                                      must be non-empty.
                                                                      If the operator
                                                                      is Exists or DoesNotExist,
                                                                      the values array
                                                                      must be empty. If
                                                                      the operator is
                                                                      Gt or Lt, the values
                                                                      array must have
                                                                      a single element,
                                                                      which will be interpreted
                                                                      as an integer. This
                                                                      array is replaced
                                                                      during a strategic
                                                                      merge patch.
                                                                    type: array
                                                                    items:
                                                                      type: string
                                                        weight:
                                                          description: Weight associated
                                                            with matching the corresponding
                                                            nodeSelectorTerm, in the range
                                                            1-100.
                                                          type: integer
                                                          format: int32
                                                  requiredDuringSchedulingIgnoredDuringExecution:
                                                    description: If the affinity requirements
                                                      specified by this field are not
                                                      met at scheduling time, the pod
                                                      will not be scheduled onto the node.
                                                      If the affinity requirements specified
                                                      by this field cease to be met at
                                                      some point during pod execution
                                                      (e.g. due to an update), the system
                                                      may or may not try to eventually
                                                      evict the pod from its node.
                                                    type: object
                                                    required:
                                                    - nodeSelectorTerms
                                                    properties:
                                                      nodeSelectorTerms:
                                                        description: Required. A list
                                                          of node selector terms. The
                                                          terms are ORed.
                                                        type: array
                                                        items:
                                                          description: A null or empty
                                                            node selector term matches
                                                            no objects. The requirements
                                                            of them are ANDed. The TopologySelectorTerm
                                                            type implements a subset of
                                                            the NodeSelectorTerm.
                                                          type: object
                                                          properties:
                                                            matchExpressions:
                                                              description: A list of node
                                                                selector requirements
                                                                by node's labels.
                                                              type: array
                                                              items:
                                                                description: A node selector
                                                                  requirement is a selector
                                                                  that contains values,
                                                                  a key, and an operator
                                                                  that relates the key
                                                                  and values.
                                                                type: object
                                                                required:
                                                                - key
                                                                - operator
                                                                properties:
                                                                  key:
                                                                    description: The label
                                                                      key that the selector
                                                                      applies to.
                                                                    type: string
                                                                  operator:
                                                                    description: Represents
                                                                      a key's relationship
                                                                      to a set of values.
                                                                      Valid operators
                                                                      are In, NotIn, Exists,
                                                                      DoesNotExist. Gt,
                                                                      and Lt.
                                                                    type: string
                                                                  values:
                                                                    description: An array
                                                                      of string values.
                                                                      If the operator
                                                                      is In or NotIn,
                                                                      the values array
                                                                      must be non-empty.
                                                                      If the operator
                                                                      is Exists or DoesNotExist,
                                                                      the values array
                                                                      must be empty. If
                                                                      the operator is
                                                                      Gt or Lt, the values
                                                                      array must have
                                                                      a single element,
                                                                      which will be interpreted
                                                                      as an integer. This
                                                                      array is replaced
                                                                      during a strategic
                                                                      merge patch.
                                                                    type: array
                                                                    items:
                                                                      type: string
                                                            matchFields:
                                                              description: A list of node
                                                                selector requirements
                                                                by node's fields.
                                                              type: array
                                                              items:
                                                                description: A node selector
                                                                  requirement is a selector
                                                                  that contains values,
                                                                  a key, and an operator
                                                                  that relates the key
                                                                  and values.
                                                                type: object
                                                                required:
                                                                - key
                                                                - operator
                                                                properties:
                                                                  key:
                                                                    description: The label
                                                                      key that the selector
                                                                      applies to.
                                                                    type: string
                                                                  operator:
                                                                    description: Represents
                                                                      a key's relationship
                                                                      to a set of values.
                                                                      Valid operators
                                                                      are In, NotIn, Exists,
                                                                      DoesNotExist. Gt,
                                                                      and Lt.
                                                                    type: string
                                                                  values:
                                                                    description: An array
                                                                      of string values.
                                                                      If the operator
                                                                      is In or NotIn,
                                                                      the values array
                                                                      must be non-empty.
                                                                      If the operator
                                                                      is Exists or DoesNotExist,
                                                                      the values array
                                                                      must be empty. If
                                                                      the operator is
                                                                      Gt or Lt, the values
                                                                      array must have
                                                                      a single element,
                                                                      which will be interpreted
                                                                      as an integer. This
                                                                      array is replaced
                                                                      during a strategic
                                                                      merge patch.
                                                                    type: array
                                                                    items:
                                                                      type: string
                                              podAffinity:
                                                description: Describes pod affinity scheduling
                                                  rules (e.g. co-locate this pod in the
                                                  same node, zone, etc. as some other
                                                  pod(s)).
                                                type: object
                                                properties:
                                                  preferredDuringSchedulingIgnoredDuringExecution:
                                                    description: The scheduler will prefer
                                                      to schedule pods to nodes that satisfy
                                                      the affinity expressions specified
                                                      by this field, but it may choose
                                                      a node that violates one or more
                                                      of the expressions. The node that
                                                      is most preferred is the one with
                                                      the greatest sum of weights, i.e.
                                                      for each node that meets all of
                                                      the scheduling requirements (resource
                                                      request, requiredDuringScheduling
                                                      affinity expressions, etc.), compute
                                                      a sum by iterating through the elements
                                                      of this field and adding "weight"
                                                      to the sum if the node has pods
                                                      which matches the corresponding
                                                      podAffinityTerm; the node(s) with
                                                      the highest sum are the most preferred.
                                                    type: array
                                                    items:
                                                      description: The weights of all
                                                        of the matched WeightedPodAffinityTerm
                                                        fields are added per-node to find
                                                        the most preferred node(s)
                                                      type: object
                                                      required:
                                                      - podAffinityTerm
                                                      - weight
                                                      properties:
                                                        podAffinityTerm:
                                                          description: Required. A pod
                                                            affinity term, associated
                                                            with the corresponding weight.
                                                          type: object
                                                          required:
                                                          - topologyKey
                                                          properties:
                                                            labelSelector:
                                                              description: A label query
                                                                over a set of resources,
                                                                in this case pods.
                                                              type: object
                                                              properties:
                                                                matchExpressions:
                                                                  description: matchExpressions
                                                                    is a list of label
                                                                    selector requirements.
                                                                    The requirements are
                                                                    ANDed.
                                                                  type: array
                                                                  items:
                                                                    description: A label
                                                                      selector requirement
                                                                      is a selector that
                                                                      contains values,
                                                                      a key, and an operator
                                                                      that relates the
                                                                      key and values.
                                                                    type: object
                                                                    required:
                                                                    - key
                                                                    - operator
                                                                    properties:
                                                                      key:
                                                                        description: key
                                                                          is the label
                                                                          key that the
                                                                          selector applies
                                                                          to.
                                                                        type: string
                                                                      operator:
                                                                        description: operator
                                                                          represents a
                                                                          key's relationship
                                                                          to a set of
                                                                          values. Valid
                                                                          operators are
                                                                          In, NotIn, Exists
                                                                          and DoesNotExist.
                                                                        type: string
                                                                      values:
                                                                        description: values
                                                                          is an array
                                                                          of string values.
                                                                          If the operator
                                                                          is In or NotIn,
                                                                          the values array
                                                                          must be non-empty.
                                                                          If the operator
                                                                          is Exists or
                                                                          DoesNotExist,
                                                                          the values array
                                                                          must be empty.
                                                                          This array is
                                                                          replaced during
                                                                          a strategic
                                                                          merge patch.
                                                                        type: array
                                                                        items:
                                                                          type: string
                                                                matchLabels:
                                                                  description: matchLabels
                                                                    is a map of {key,value}
                                                                    pairs. A single {key,value}
                                                                    in the matchLabels
                                                                    map is equivalent
                                                                    to an element of matchExpressions,
                                                                    whose key field is
                                                                    "key", the operator
                                                                    is "In", and the values
                                                                    array contains only
                                                                    "value". The requirements
                                                                    are ANDed.
                                                                  type: object
                                                                  additionalProperties:
                                                                    type: string
                                                            namespaces:
                                                              description: namespaces
                                                                specifies which namespaces
                                                                the labelSelector applies
                                                                to (matches against);
                                                                null or empty list means
                                                                "this pod's namespace"
                                                              type: array
                                                              items:
                                                                type: string
                                                            topologyKey:
                                                              description: This pod should
                                                                be co-located (affinity)
                                                                or not co-located (anti-affinity)
                                                                with the pods matching
                                                                the labelSelector in the
                                                                specified namespaces,
                                                                where co-located is defined
                                                                as running on a node whose
                                                                value of the label with
                                                                key topologyKey matches
                                                                that of any node on which
                                                                any of the selected pods
                                                                is running. Empty topologyKey
                                                                is not allowed.
                                                              type: string
                                                        weight:
                                                          description: weight associated
                                                            with matching the corresponding
                                                            podAffinityTerm, in the range
                                                            1-100.
                                                          type: integer
                                                          format: int32
                                                  requiredDuringSchedulingIgnoredDuringExecution:
                                                    description: If the affinity requirements
                                                      specified by this field are not
                                                      met at scheduling time, the pod
                                                      will not be scheduled onto the node.
                                                      If the affinity requirements specified
                                                      by this field cease to be met at
                                                      some point during pod execution
                                                      (e.g. due to a pod label update),
                                                      the system may or may not try to
                                                      eventually evict the pod from its
                                                      node. When there are multiple elements,
                                                      the lists of nodes corresponding
                                                      to each podAffinityTerm are intersected,
                                                      i.e. all terms must be satisfied.
                                                    type: array
                                                    items:
                                                      description: Defines a set of pods
                                                        (namely those matching the labelSelector
                                                        relative to the given namespace(s))
                                                        that this pod should be co-located
                                                        (affinity) or not co-located (anti-affinity)
                                                        with, where co-located is defined
                                                        as running on a node whose value
                                                        of the label with key <topologyKey>
                                                        matches that of any node on which
                                                        a pod of the set of pods is running
                                                      type: object
                                                      required:
                                                      - topologyKey
                                                      properties:
                                                        labelSelector:
                                                          description: A label query over
                                                            a set of resources, in this
                                                            case pods.
                                                          type: object
                                                          properties:
                                                            matchExpressions:
                                                              description: matchExpressions
                                                                is a list of label selector
                                                                requirements. The requirements
                                                                are ANDed.
                                                              type: array
                                                              items:
                                                                description: A label selector
                                                                  requirement is a selector
                                                                  that contains values,
                                                                  a key, and an operator
                                                                  that relates the key
                                                                  and values.
                                                                type: object
                                                                required:
                                                                - key
                                                                - operator
                                                                properties:
                                                                  key:
                                                                    description: key is
                                                                      the label key that
                                                                      the selector applies
                                                                      to.
                                                                    type: string
                                                                  operator:
                                                                    description: operator
                                                                      represents a key's
                                                                      relationship to
                                                                      a set of values.
                                                                      Valid operators
                                                                      are In, NotIn, Exists
                                                                      and DoesNotExist.
                                                                    type: string
                                                                  values:
                                                                    description: values
                                                                      is an array of string
                                                                      values. If the operator
                                                                      is In or NotIn,
                                                                      the values array
                                                                      must be non-empty.
                                                                      If the operator
                                                                      is Exists or DoesNotExist,
                                                                      the values array
                                                                      must be empty. This
                                                                      array is replaced
                                                                      during a strategic
                                                                      merge patch.
                                                                    type: array
                                                                    items:
                                                                      type: string
                                                            matchLabels:
                                                              description: matchLabels
                                                                is a map of {key,value}
                                                                pairs. A single {key,value}
                                                                in the matchLabels map
                                                                is equivalent to an element
                                                                of matchExpressions, whose
                                                                key field is "key", the
                                                                operator is "In", and
                                                                the values array contains
                                                                only "value". The requirements
                                                                are ANDed.
                                                              type: object
                                                              additionalProperties:
                                                                type: string
                                                        namespaces:
                                                          description: namespaces specifies
                                                            which namespaces the labelSelector
                                                            applies to (matches against);
                                                            null or empty list means "this
                                                            pod's namespace"
                                                          type: array
                                                          items:
                                                            type: string
                                                        topologyKey:
                                                          description: This pod should
                                                            be co-located (affinity) or
                                                            not co-located (anti-affinity)
                                                            with the pods matching the
                                                            labelSelector in the specified
                                                            namespaces, where co-located
                                                            is defined as running on a
                                                            node whose value of the label
                                                            with key topologyKey matches
                                                            that of any node on which
                                                            any of the selected pods is
                                                            running. Empty topologyKey
                                                            is not allowed.
                                                          type: string
                                              podAntiAffinity:
                                                description: Describes pod anti-affinity
                                                  scheduling rules (e.g. avoid putting
                                                  this pod in the same node, zone, etc.
                                                  as some other pod(s)).
                                                type: object
                                                properties:
                                                  preferredDuringSchedulingIgnoredDuringExecution:
                                                    description: The scheduler will prefer
                                                      to schedule pods to nodes that satisfy
                                                      the anti-affinity expressions specified
                                                      by this field, but it may choose
                                                      a node that violates one or more
                                                      of the expressions. The node that
                                                      is most preferred is the one with
                                                      the greatest sum of weights, i.e.
                                                      for each node that meets all of
                                                      the scheduling requirements (resource
                                                      request, requiredDuringScheduling
                                                      anti-affinity expressions, etc.),
                                                      compute a sum by iterating through
                                                      the elements of this field and adding
                                                      "weight" to the sum if the node
                                                      has pods which matches the corresponding
                                                      podAffinityTerm; the node(s) with
                                                      the highest sum are the most preferred.
                                                    type: array
                                                    items:
                                                      description: The weights of all
                                                        of the matched WeightedPodAffinityTerm
                                                        fields are added per-node to find
                                                        the most preferred node(s)
                                                      type: object
                                                      required:
                                                      - podAffinityTerm
                                                      - weight
                                                      properties:
                                                        podAffinityTerm:
                                                          description: Required. A pod
                                                            affinity term, associated
                                                            with the corresponding weight.
                                                          type: object
                                                          required:
                                                          - topologyKey
                                                          properties:
                                                            labelSelector:
                                                              description: A label query
                                                                over a set of resources,
                                                                in this case pods.
                                                              type: object
                                                              properties:
                                                                matchExpressions:
                                                                  description: matchExpressions
                                                                    is a list of label
                                                                    selector requirements.
                                                                    The requirements are
                                                                    ANDed.
                                                                  type: array
                                                                  items:
                                                                    description: A label
                                                                      selector requirement
                                                                      is a selector that
                                                                      contains values,
                                                                      a key, and an operator
                                                                      that relates the
                                                                      key and values.
                                                                    type: object
                                                                    required:
                                                                    - key
                                                                    - operator
                                                                    properties:
                                                                      key:
                                                                        description: key
                                                                          is the label
                                                                          key that the
                                                                          selector applies
                                                                          to.
                                                                        type: string
                                                                      operator:
                                                                        description: operator
                                                                          represents a
                                                                          key's relationship
                                                                          to a set of
                                                                          values. Valid
                                                                          operators are
                                                                          In, NotIn, Exists
                                                                          and DoesNotExist.
                                                                        type: string
                                                                      values:
                                                                        description: values
                                                                          is an array
                                                                          of string values.
                                                                          If the operator
                                                                          is In or NotIn,
                                                                          the values array
                                                                          must be non-empty.
                                                                          If the operator
                                                                          is Exists or
                                                                          DoesNotExist,
                                                                          the values array
                                                                          must be empty.
                                                                          This array is
                                                                          replaced during
                                                                          a strategic
                                                                          merge patch.
                                                                        type: array
                                                                        items:
                                                                          type: string
                                                                matchLabels:
                                                                  description: matchLabels
                                                                    is a map of {key,value}
                                                                    pairs. A single {key,value}
                                                                    in the matchLabels
                                                                    map is equivalent
                                                                    to an element of matchExpressions,
                                                                    whose key field is
                                                                    "key", the operator
                                                                    is "In", and the values
                                                                    array contains only
                                                                    "value". The requirements
                                                                    are ANDed.
                                                                  type: object
                                                                  additionalProperties:
                                                                    type: string
                                                            namespaces:
                                                              description: namespaces
                                                                specifies which namespaces
                                                                the labelSelector applies
                                                                to (matches against);
                                                                null or empty list means
                                                                "this pod's namespace"
                                                              type: array
                                                              items:
                                                                type: string
                                                            topologyKey:
                                                              description: This pod should
                                                                be co-located (affinity)
                                                                or not co-located (anti-affinity)
                                                                with the pods matching
                                                                the labelSelector in the
                                                                specified namespaces,
                                                                where co-located is defined
                                                                as running on a node whose
                                                                value of the label with
                                                                key topologyKey matches
                                                                that of any node on which
                                                                any of the selected pods
                                                                is running. Empty topologyKey
                                                                is not allowed.
                                                              type: string
                                                        weight:
                                                          description: weight associated
                                                            with matching the corresponding
                                                            podAffinityTerm, in the range
                                                            1-100.
                                                          type: integer
                                                          format: int32
                                                  requiredDuringSchedulingIgnoredDuringExecution:
                                                    description: If the anti-affinity
                                                      requirements specified by this field
                                                      are not met at scheduling time,
                                                      the pod will not be scheduled onto
                                                      the node. If the anti-affinity requirements
                                                      specified by this field cease to
                                                      be met at some point during pod
                                                      execution (e.g. due to a pod label
                                                      update), the system may or may not
                                                      try to eventually evict the pod
                                                      from its node. When there are multiple
                                                      elements, the lists of nodes corresponding
                                                      to each podAffinityTerm are intersected,
                                                      i.e. all terms must be satisfied.
                                                    type: array
                                                    items:
                                                      description: Defines a set of pods
                                                        (namely those matching the labelSelector
                                                        relative to the given namespace(s))
                                                        that this pod should be co-located
                                                        (affinity) or not co-located (anti-affinity)
                                                        with, where co-located is defined
                                                        as running on a node whose value
                                                        of the label with key <topologyKey>
                                                        matches that of any node on which
                                                        a pod of the set of pods is running
                                                      type: object
                                                      required:
                                                      - topologyKey
                                                      properties:
                                                        labelSelector:
                                                          description: A label query over
                                                            a set of resources, in this
                                                            case pods.
                                                          type: object
                                                          properties:
                                                            matchExpressions:
                                                              description: matchExpressions
                                                                is a list of label selector
                                                                requirements. The requirements
                                                                are ANDed.
                                                              type: array
                                                              items:
                                                                description: A label selector
                                                                  requirement is a selector
                                                                  that contains values,
                                                                  a key, and an operator
                                                                  that relates the key
                                                                  and values.
                                                                type: object
                                                                required:
                                                                - key
                                                                - operator
                                                                properties:
                                                                  key:
                                                                    description: key is
                                                                      the label key that
                                                                      the selector applies
                                                                      to.
                                                                    type: string
                                                                  operator:
                                                                    description: operator
                                                                      represents a key's
                                                                      relationship to
                                                                      a set of values.
                                                                      Valid operators
                                                                      are In, NotIn, Exists
                                                                      and DoesNotExist.
                                                                    type: string
                                                                  values:
                                                                    description: values
                                                                      is an array of string
                                                                      values. If the operator
                                                                      is In or NotIn,
                                                                      the values array
                                                                      must be non-empty.
                                                                      If the operator
                                                                      is Exists or DoesNotExist,
                                                                      the values array
                                                                      must be empty. This
                                                                      array is replaced
                                                                      during a strategic
                                                                      merge patch.
                                                                    type: array
                                                                    items:
                                                                      type: string
                                                            matchLabels:
                                                              description: matchLabels
                                                                is a map of {key,value}
                                                                pairs. A single {key,value}
                                                                in the matchLabels map
                                                                is equivalent to an element
                                                                of matchExpressions, whose
                                                                key field is "key", the
                                                                operator is "In", and
                                                                the values array contains
                                                                only "value". The requirements
                                                                are ANDed.
                                                              type: object
                                                              additionalProperties:
                                                                type: string
                                                        namespaces:
                                                          description: namespaces specifies
                                                            which namespaces the labelSelector
                                                            applies to (matches against);
                                                            null or empty list means "this
                                                            pod's namespace"
                                                          type: array
                                                          items:
                                                            type: string
                                                        topologyKey:
                                                          description: This pod should
                                                            be co-located (affinity) or
                                                            not co-located (anti-affinity)
                                                            with the pods matching the
                                                            labelSelector in the specified
                                                            namespaces, where co-located
                                                            is defined as running on a
                                                            node whose value of the label
                                                            with key topologyKey matches
                                                            that of any node on which
                                                            any of the selected pods is
                                                            running. Empty topologyKey
                                                            is not allowed.
                                                          type: string
                                          nodeSelector:
                                            description: 'NodeSelector is a selector which
                                              must be true for the pod to fit on a node.
                                              Selector which must match a node''s labels
                                              for the pod to be scheduled on that node.
                                              More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
                                            type: object
                                            additionalProperties:
                                              type: string
                                          tolerations:
                                            description: If specified, the pod's tolerations.
                                            type: array
                                            items:
                                              description: The pod this Toleration is
                                                attached to tolerates any taint that matches
                                                the triple <key,value,effect> using the
                                                matching operator <operator>.
                                              type: object
                                              properties:
                                                effect:
                                                  description: Effect indicates the taint
                                                    effect to match. Empty means match
                                                    all taint effects. When specified,
                                                    allowed values are NoSchedule, PreferNoSchedule
                                                    and NoExecute.
                                                  type: string
                                                key:
                                                  description: Key is the taint key that
                                                    the toleration applies to. Empty means
                                                    match all taint keys. If the key is
                                                    empty, operator must be Exists; this
                                                    combination means to match all values
                                                    and all keys.
                                                  type: string
                                                operator:
                                                  description: Operator represents a key's
                                                    relationship to the value. Valid operators
                                                    are Exists and Equal. Defaults to
                                                    Equal. Exists is equivalent to wildcard
                                                    for value, so that a pod can tolerate
                                                    all taints of a particular category.
                                                  type: string
                                                tolerationSeconds:
                                                  description: TolerationSeconds represents
                                                    the period of time the toleration
                                                    (which must be of effect NoExecute,
                                                    otherwise this field is ignored) tolerates
                                                    the taint. By default, it is not set,
                                                    which means tolerate the taint forever
                                                    (do not evict). Zero and negative
                                                    values will be treated as 0 (evict
                                                    immediately) by the system.
                                                  type: integer
                                                  format: int64
                                                value:
                                                  description: Value is the taint value
                                                    the toleration matches to. If the
                                                    operator is Exists, the value should
                                                    be empty, otherwise just a regular
                                                    string.
                                                  type: string
                                  serviceType:
                                    description: Optional service type for Kubernetes
                                      solver service
                                    type: string
                          selector:
                            description: Selector selects a set of DNSNames on the Certificate
                              resource that should be solved using this challenge solver.
                            type: object
                            properties:
                              dnsNames:
                                description: List of DNSNames that this solver will be
                                  used to solve. If specified and a match is found, a
                                  dnsNames selector will take precedence over a dnsZones
                                  selector. If multiple solvers match with the same dnsNames
                                  value, the solver with the most matching labels in matchLabels
                                  will be selected. If neither has more matches, the solver
                                  defined earlier in the list will be selected.
                                type: array
                                items:
                                  type: string
                              dnsZones:
                                description: List of DNSZones that this solver will be
                                  used to solve. The most specific DNS zone match specified
                                  here will take precedence over other DNS zone matches,
                                  so a solver specifying sys.example.com will be selected
                                  over one specifying example.com for the domain www.sys.example.com.
                                  If multiple solvers match with the same dnsZones value,
                                  the solver with the most matching labels in matchLabels
                                  will be selected. If neither has more matches, the solver
                                  defined earlier in the list will be selected.
                                type: array
                                items:
                                  type: string
                              matchLabels:
                                description: A label selector that is used to refine the
                                  set of certificate's that this challenge solver will
                                  apply to.
                                type: object
                                additionalProperties:
                                  type: string
                ca:
                  type: object
                  required:
                  - secretName
                  properties:
                    crlDistributionPoints:
                      description: The CRL distribution points is an X.509 v3 certificate
                        extension which identifies the location of the CRL from which
                        the revocation of this certificate can be checked. If not set
                        certificate will be issued without CDP. Values are strings.
                      type: array
                      items:
                        type: string
                    secretName:
                      description: SecretName is the name of the secret used to sign Certificates
                        issued by this Issuer.
                      type: string
                selfSigned:
                  type: object
                  properties:
                    crlDistributionPoints:
                      description: The CRL distribution points is an X.509 v3 certificate
                        extension which identifies the location of the CRL from which
                        the revocation of this certificate can be checked. If not set
                        certificate will be issued without CDP. Values are strings.
                      type: array
                      items:
                        type: string
                vault:
                  type: object
                  required:
                  - auth
                  - path
                  - server
                  properties:
                    auth:
                      description: Vault authentication
                      type: object
                      properties:
                        appRole:
                          description: This Secret contains a AppRole and Secret
                          type: object
                          required:
                          - path
                          - roleId
                          - secretRef
                          properties:
                            path:
                              description: Where the authentication path is mounted in
                                Vault.
                              type: string
                            roleId:
                              type: string
                            secretRef:
                              type: object
                              required:
                              - name
                              properties:
                                key:
                                  description: The key of the secret to select from. Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind, uid?'
                                  type: string
                        kubernetes:
                          description: This contains a Role and Secret with a ServiceAccount
                            token to authenticate with vault.
                          type: object
                          required:
                          - role
                          - secretRef
                          properties:
                            mountPath:
                              description: The Vault mountPath here is the mount path
                                to use when authenticating with Vault. For example, setting
                                a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login`
                                to authenticate with Vault. If unspecified, the default
                                value "/v1/auth/kubernetes" will be used.
                              type: string
                            role:
                              description: A required field containing the Vault Role
                                to assume. A Role binds a Kubernetes ServiceAccount with
                                a set of Vault policies.
                              type: string
                            secretRef:
                              description: The required Secret field containing a Kubernetes
                                ServiceAccount JWT used for authenticating with Vault.
                                Use of 'ambient credentials' is not supported.
                              type: object
                              required:
                              - name
                              properties:
                                key:
                                  description: The key of the secret to select from. Must
                                    be a valid secret key.
                                  type: string
                                name:
                                  description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    TODO: Add other useful fields. apiVersion, kind, uid?'
                                  type: string
                        tokenSecretRef:
                          description: This Secret contains the Vault token key
                          type: object
                          required:
                          - name
                          properties:
                            key:
                              description: The key of the secret to select from. Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                    caBundle:
                      description: Base64 encoded CA bundle to validate Vault server certificate.
                        Only used if the Server URL is using HTTPS protocol. This parameter
                        is ignored for plain HTTP protocol connection. If not set the
                        system root certificates are used to validate the TLS connection.
                      type: string
                      format: byte
                    path:
                      description: Vault URL path to the certificate role
                      type: string
                    server:
                      description: Server is the vault connection address
                      type: string
                venafi:
                  description: VenafiIssuer describes issuer configuration details for
                    Venafi Cloud.
                  type: object
                  required:
                  - zone
                  properties:
                    cloud:
                      description: Cloud specifies the Venafi cloud configuration settings.
                        Only one of TPP or Cloud may be specified.
                      type: object
                      required:
                      - apiTokenSecretRef
                      properties:
                        apiTokenSecretRef:
                          description: APITokenSecretRef is a secret key selector for
                            the Venafi Cloud API token.
                          type: object
                          required:
                          - name
                          properties:
                            key:
                              description: The key of the secret to select from. Must
                                be a valid secret key.
                              type: string
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                        url:
                          description: URL is the base URL for Venafi Cloud
                          type: string
                    tpp:
                      description: TPP specifies Trust Protection Platform configuration
                        settings. Only one of TPP or Cloud may be specified.
                      type: object
                      required:
                      - credentialsRef
                      - url
                      properties:
                        caBundle:
                          description: CABundle is a PEM encoded TLS certificate to use
                            to verify connections to the TPP instance. If specified, system
                            roots will not be used and the issuing CA for the TPP instance
                            must be verifiable using the provided root. If not specified,
                            the connection will be verified using the cert-manager system
                            root certificates.
                          type: string
                          format: byte
                        credentialsRef:
                          description: CredentialsRef is a reference to a Secret containing
                            the username and password for the TPP server. The secret must
                            contain two keys, 'username' and 'password'.
                          type: object
                          required:
                          - name
                          properties:
                            name:
                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                TODO: Add other useful fields. apiVersion, kind, uid?'
                              type: string
                        url:
                          description: URL is the base URL for the Venafi TPP instance
                          type: string
                    zone:
                      description: Zone is the Venafi Policy Zone to use for this issuer.
                        All requests made to the Venafi platform will be restricted by
                        the named zone policy. This field is required.
                      type: string
            status:
              description: IssuerStatus contains status information about an Issuer
              type: object
              properties:
                acme:
                  type: object
                  properties:
                    lastRegisteredEmail:
                      description: LastRegisteredEmail is the email associated with the
                        latest registered ACME account, in order to track changes made
                        to registered account associated with the  Issuer
                      type: string
                    uri:
                      description: URI is the unique account identifier, which can also
                        be used to retrieve account details from the CA
                      type: string
                conditions:
                  type: array
                  items:
                    description: IssuerCondition contains condition information for an
                      Issuer.
                    type: object
                    required:
                    - status
                    - type
                    properties:
                      lastTransitionTime:
                        description: LastTransitionTime is the timestamp corresponding
                          to the last status change of this condition.
                        type: string
                        format: date-time
                      message:
                        description: Message is a human readable description of the details
                          of the last transition, complementing reason.
                        type: string
                      reason:
                        description: Reason is a brief machine readable explanation for
                          the condition's last transition.
                        type: string
                      status:
                        description: Status of the condition, one of ('True', 'False',
                          'Unknown').
                        type: string
                        enum:
                        - "True"
                        - "False"
                        - Unknown
                      type:
                        description: Type of the condition, currently ('Ready').
                        type: string